Lucene search

[email protected]CVE-2007-0569

HistoryJan 30, 2007 - 5:28 p.m.

CVE-2007-0569

2007-01-3017:28:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

sql injection

xnews

vulnerability

remote attackers

nvd

8.6 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.006 Low

EPSS

Percentile

77.8%

JSON

SQL injection vulnerability in xNews.php in xNews 1.3 allows remote attackers to execute arbitrary SQL commands via the id parameter in a shownews action.

CPENameOperatorVersion
x-dev:xnewsx-dev xnewseq1.3

CPE	Name	Operator	Version
x-dev:xnews	x-dev xnews	eq	1.3

References

osvdb.org/32999

secunia.com/advisories/23954

www.securityfocus.com/bid/22284

exchange.xforce.ibmcloud.com/vulnerabilities/31855

www.exploit-db.com/exploits/3216

8.6 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.006 Low

EPSS

Percentile

77.8%

JSON

Related for CVE-2007-0569

prion2 cve1 securityvulns1